Setting up a second AD agent follows the same steps as setting up your first agent. If you created the Okta service account with the first AD agent, then you are prompted to enter your password during the second agent installation.

To install additional AD agents on a domain

Select Directory > Directory Integrations.

Click Active Directory.

Select the Settings tab. Your agents are listed in the Agent Monitors section.

AD Agent Request Handling

Each agent connects to the Okta service independently. When the service needs to communicate to AD (for example, to authenticate a user), it picks one of the available agents and sends it a task to complete. If one of the agents becomes unavailable, it is automatically removed from the queue and not given additional tasks.

Agent Availability

Agents send periodic messages to the service. If the service does not receive a message for 120 seconds, it is marked as unavailable. After 30 days of inactivity, the API token that was assigned during the agent install will expire and you will need to re-install the agent.

Domain Controller Selection

The AD agent relies on the underlying operating system to select which domain controller to communicate with.